Feeds

Feds grill MS on Windows security

A step in the right direction

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

US Defense Department and FBI officials contacted Microsoft on Friday to express their concern over the recently-disclosed security bugs affecting all versions of Windows, the Associated Press reports.

The Feds were particularly concerned that the bug gives up root on Win-XP, ironically touted as the most secure Windows OS ever developed, the wire service says.

Additionally, the Feds sought assurance that the patches MS has issued are adequate to bung the holes without causing problems for the machines they're installed on.

According to MS, the patches are absolutely fabulous and will be installed via the Windows auto-update feature. Users who prefer to download them individually may do so here.

The bugs at issue are actually three flaws in the Windows Universal Plug and Play (UPnP) service. One of them can be exploited to gain System or OS-level access to any Windows machine using the service. Two others can be exploited for denial of service attacks, including the much-feared distributed variety.

We find it a healthy development that the Feds are finally showing MS that their security blunders will not go unnoticed. Whether this will translate into pressure sufficient for the company to get its act together remains to be seen; but if there's any entity which might influence the Redmond Leviathan, Uncle Sam is definitely it.

God knows generations of hackers have tried and failed to inspire the company to take security engineering seriously. ®

Related Story

MS warns of severe universal plug & play security hole

Beginner's guide to SSL certificates

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.